CodeLink

Tóm tắt công việc

We are looking for a Senior Security Engineer who will act as a security champion for project teams, helping identify potential security weaknesses and improve system security throughout the development lifecycle.

This role focuses on working closely with developers, DevOps engineers, and project teams to review system designs, identify vulnerabilities, and provide practical security recommendations before and during project releases.

Responsibilities

1. Security Review & Risk Identification

• Review project architectures, applications, and infrastructure to identify potential security risks.
• Act with a red-team mindset to identify weaknesses before production releases.
• Perform security assessments and vulnerability reviews on applications and cloud environments.

2. Security Design Review & Threat Modeling

• Participate in security design reviews for new systems and major architectural changes.
• Guide teams in performing threat modeling to identify potential attack scenarios.
• Provide recommendations to improve authentication, access control, data protection, and system security.

3. Vulnerability Management & Security Improvement

• Identify security vulnerabilities and work with Engineering and DevOps teams to resolve them.
• Support teams in implementing security improvements across application code, infrastructure, and configuration.
• Track remediation progress and ensure security issues are addressed.

4. Secure Development Practices

• Promote secure development practices (Secure SDLC) within engineering teams.
• Provide guidance on secure coding, secrets management, and secure system design.
• Share security knowledge and practical best practices with developers.

5. Client Security & Compliance Support

• Ensure project teams meet security and compliance requirements defined by clients.
• Support project teams in responding to client security reviews.
• Help ensure projects follow internal security policies and standards such as ISO27001.

• 5+ years of experience in security engineering, application security, DevSecOps, or infrastructure security.
• Strong understanding of application security principles and common vulnerabilities (OWASP Top 10).
• Experience with cloud environments (AWS, GCP, or Azure).
• Familiarity with:
  • Authentication and authorization mechanisms
• Secure coding practices
• Authentication and authorization
• Encryption and secrets management
• Network security concepts
• Experience with security testing tools, vulnerability scanning, or penetration testing techniques is a plus.
• Strong English communication skills (written and verbal).
• Strong collaboration skills to work across multiple project teams.
• Security certifications such as Security+, CISSP, CEH, or similar are a plus.